Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp133606rdd; Mon, 8 Jan 2024 21:54:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IHHvSPKMVBu/x14BDDn2WgrXv6fcM1fB7cAAkTJPZW1wihy9bG9WG15JcBfHu+E2PfnhdBC X-Received: by 2002:a05:6e02:2145:b0:35f:eb65:a10f with SMTP id d5-20020a056e02214500b0035feb65a10fmr5016423ilv.38.1704779685225; Mon, 08 Jan 2024 21:54:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704779685; cv=none; d=google.com; s=arc-20160816; b=vufKhw+cS6OXq9xtktqsQTMxTAu9wRgJZ5EajtuI06SZRj+T8lAqHZt1KPeibNidLK x9GlFb3H7QaFmv8lwQXYTKNQrIuNk6HE5E0SuFeCxVReotY8dgEXqgfUz/r5KN+V3KWQ yyzWK9mN0e5MfDvA6hw7DZLtSSHq+gr4LIUWazEjHElFd0lT8QT7oOmYtbYLeRiVHp0m PqWE4PW7sS2eOug8LUA+J44Rx4XSbnkCHfhzDSNg+DpzOQrfF/W9HcHUhWymS2D7jNH3 m6EMFJDwVtmVqqGRkEAwny65/gZaQTe1pCuUXhE6EVqsf3rWFJMI3SMPhwBqKMwSsIul gJeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to:subject :user-agent:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:date:message-id:dkim-signature; bh=hTB3eNToEwL6+O3TbDCg+RUjSDoqN5hWb3MRYFu4HO4=; fh=Xzdh9ogU5+E9Z4yY6OGlqAELSGdwh0gYz8aTiTJRvxM=; b=bftd/IEW9NDY7Kq5wolVvGZHARnsCBeg344seC1ZG9oyoW+ofRrxY+7cxlY7bE+ExL 0U7u0dw8RwNWmdQJC1Zrlp7ThCKr0Xh8HFASfYXTVSW0X1zd4VshT3zP67Z1Xiy3Kv9h V6Gsu67V+xW2153/694eglH6G/zVcd7kVIa72rbd/OFquVPbotuSVrvYN0q4OdxDM6a8 71RzObCsJvTFGgOPdFCfdb7CYCmZcn1losoB/3xEn0jnXyuJ8ZHGBp+8ltpx9iIXNvMx fYR4vLK4xYCnE8R356+u/s4G+EHYr88mXCMgROP3XihNSaldT1u4NdwRmLZZJHcNoeri NFjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=P8wIVdF6; spf=pass (google.com: domain of linux-kernel+bounces-20416-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20416-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id k7-20020a633d07000000b005cdfdfccfffsi941495pga.403.2024.01.08.21.54.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 21:54:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-20416-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=P8wIVdF6; spf=pass (google.com: domain of linux-kernel+bounces-20416-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20416-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id D8A472844F8 for ; Tue, 9 Jan 2024 05:54:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DF4711C06; Tue, 9 Jan 2024 05:54:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="P8wIVdF6" Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 529AE8F40 for ; Tue, 9 Jan 2024 05:54:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1704779675; x=1736315675; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=9cgQwI7g8cd64aO6IDwl4DiR8sizuP2sKWjwlnQwD4A=; b=P8wIVdF6J8XOWo+LYPJvbZc2HKWCSRxpiLDU6CVnA6p1KStEk+5dizSW i4wFN8fbnoLESFmo1Qtdm3lD3VtNcfmpmpJhNjjXK4nRlXzIBy5PfwJoK Hy4FdEqG0Sljvi0nBfXfkq09KnJvw5Uvy7k9nJa8j1VpMmKQfgdCG+fZC 2+DixGZnluh8zATYjcPutcgiodfSIhaJcEjdKf2QtUqrXGdgIC3G52D3G fq75dijV+ZK40WKe8lbYkrwXlPQFUZvHYTeJecabd7raM46jQ2r860A7Y fD/FL0wq0TejVKJjg32nm0IkUxk/uUiPqovAwg0cdCGGJYy4PEXNAkAKy g==; X-IronPort-AV: E=McAfee;i="6600,9927,10947"; a="396961982" X-IronPort-AV: E=Sophos;i="6.04,181,1695711600"; d="scan'208";a="396961982" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jan 2024 21:54:34 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10947"; a="925111147" X-IronPort-AV: E=Sophos;i="6.04,181,1695711600"; d="scan'208";a="925111147" Received: from zhaohaif-mobl.ccr.corp.intel.com (HELO [10.238.130.17]) ([10.238.130.17]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jan 2024 21:54:30 -0800 Message-ID: <15a058ba-3b51-46f3-bb1c-23792d100b55@linux.intel.com> Date: Tue, 9 Jan 2024 13:54:27 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 0/2] iommu/iova: Make the rcache depot properly flexible To: Robin Murphy , Ido Schimmel Cc: joro@8bytes.org, will@kernel.org, iommu@lists.linux.dev, linux-kernel@vger.kernel.org, zhangzekun11@huawei.com, john.g.garry@oracle.com, dheerajkumar.srivastava@amd.com, jsnitsel@redhat.com References: From: Ethan Zhao In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 1/9/2024 1:35 AM, Robin Murphy wrote: > On 2023-12-28 12:23 pm, Ido Schimmel wrote: >> On Tue, Sep 12, 2023 at 05:28:04PM +0100, Robin Murphy wrote: >>> v2: >>> https://lore.kernel.org/linux-iommu/cover.1692641204.git.robin.murphy@arm.com/ >>> >>> Hi all, >>> >>> I hope this is good to go now, just fixed the locking (and threw >>> lockdep at it to confirm, which of course I should have done to begin >>> with...) and picked up tags. >> >> Hi, >> >> After pulling the v6.7 changes we started seeing the following memory >> leaks [1] of 'struct iova_magazine'. I'm not sure how to reproduce it, >> which is why I didn't perform bisection. However, looking at the >> mentioned code paths, they seem to have been changed in v6.7 as part of >> this patchset. I reverted both patches and didn't see any memory leaks >> when running a full regression (~10 hours), but I will repeat it to be >> sure. >> >> Any idea what could be the problem? > > Hmm, we've got what looks to be a set of magazines forming a plausible > depot list (or at least the tail end of one): > > ffff8881411f9000 -> ffff8881261c1000 > > ffff8881261c1000 -> ffff88812be26400 > > ffff88812be26400 -> ffff8188392ec000 > > ffff8188392ec000 -> ffff8881a5301000 > > ffff8881a5301000 -> NULL > > which I guess has somehow become detached from its rcache->depot > without being freed properly? However I'm struggling to see any > conceivable way that could happen which wouldn't already be more > severely broken in other ways as well (i.e. either general memory > corruption or someone somehow still trying to use the IOVA domain > while it's being torn down). > > Out of curiosity, does reverting just patch #2 alone make a > difference? And is your workload doing anything "interesting" in > relation to IOVA domain lifetimes, like creating and destroying SR-IOV > virtual functions, changing IOMMU domain types via sysfs, or using > that horrible vdpa thing, or are you seeing this purely from regular > driver DMA API usage? There no lock held when free_iova_rcaches(), is it possible free_iova_rcaches() race with the delayed iova_depot_work_func() ? I don't know why not call cancel_delayed_work_sync(&rcache->work); first in free_iova_rcaches() to avoid possible race. Thanks, Ethan > > Thanks, > Robin. > >> >> Thanks >> >> [1] >> unreferenced object 0xffff8881a5301000 (size 1024): >>    comm "softirq", pid 0, jiffies 4306297099 (age 462.991s) >>    hex dump (first 32 bytes): >>      00 00 00 00 00 00 00 00 e7 7d 05 00 00 00 00 00 .........}...... >>      0f b4 05 00 00 00 00 00 b4 96 05 00 00 00 00 00 ................ >>    backtrace: >>      [] __kmem_cache_alloc_node+0x1e8/0x320 >>      [] kmalloc_trace+0x2a/0x60 >>      [] free_iova_fast+0x28e/0x4e0 >>      [] fq_ring_free_locked+0x1b0/0x310 >>      [] fq_flush_timeout+0x19d/0x2e0 >>      [] call_timer_fn+0x19a/0x5c0 >>      [] __run_timers+0x78b/0xb80 >>      [] run_timer_softirq+0x5d/0xd0 >>      [] __do_softirq+0x205/0x8b5 >> >> unreferenced object 0xffff8881392ec000 (size 1024): >>    comm "softirq", pid 0, jiffies 4306326731 (age 433.359s) >>    hex dump (first 32 bytes): >>      00 10 30 a5 81 88 ff ff 50 ff 0f 00 00 00 00 00 ..0.....P....... >>      f3 99 05 00 00 00 00 00 87 b7 05 00 00 00 00 00 ................ >>    backtrace: >>      [] __kmem_cache_alloc_node+0x1e8/0x320 >>      [] kmalloc_trace+0x2a/0x60 >>      [] free_iova_fast+0x28e/0x4e0 >>      [] fq_ring_free_locked+0x1b0/0x310 >>      [] fq_flush_timeout+0x19d/0x2e0 >>      [] call_timer_fn+0x19a/0x5c0 >>      [] __run_timers+0x78b/0xb80 >>      [] run_timer_softirq+0x5d/0xd0 >>      [] __do_softirq+0x205/0x8b5 >> >> unreferenced object 0xffff8881411f9000 (size 1024): >>    comm "softirq", pid 0, jiffies 4306708887 (age 51.459s) >>    hex dump (first 32 bytes): >>      00 10 1c 26 81 88 ff ff 2c 96 05 00 00 00 00 00 ...&....,....... >>      ac fe 0f 00 00 00 00 00 a6 fe 0f 00 00 00 00 00 ................ >>    backtrace: >>      [] __kmem_cache_alloc_node+0x1e8/0x320 >>      [] kmalloc_trace+0x2a/0x60 >>      [] free_iova_fast+0x28e/0x4e0 >>      [] fq_ring_free_locked+0x1b0/0x310 >>      [] fq_flush_timeout+0x19d/0x2e0 >>      [] call_timer_fn+0x19a/0x5c0 >>      [] __run_timers+0x78b/0xb80 >>      [] run_timer_softirq+0x5d/0xd0 >>      [] __do_softirq+0x205/0x8b5 >> >> unreferenced object 0xffff88812be26400 (size 1024): >>    comm "softirq", pid 0, jiffies 4306710027 (age 50.319s) >>    hex dump (first 32 bytes): >>      00 c0 2e 39 81 88 ff ff 32 ab 05 00 00 00 00 00 ...9....2....... >>      e3 ac 05 00 00 00 00 00 1f b6 05 00 00 00 00 00 ................ >>    backtrace: >>      [] __kmem_cache_alloc_node+0x1e8/0x320 >>      [] kmalloc_trace+0x2a/0x60 >>      [] free_iova_fast+0x28e/0x4e0 >>      [] fq_ring_free_locked+0x1b0/0x310 >>      [] fq_flush_timeout+0x19d/0x2e0 >>      [] call_timer_fn+0x19a/0x5c0 >>      [] __run_timers+0x78b/0xb80 >>      [] run_timer_softirq+0x5d/0xd0 >>      [] __do_softirq+0x205/0x8b5 >> >> unreferenced object 0xffff8881261c1000 (size 1024): >>    comm "softirq", pid 0, jiffies 4306711547 (age 48.799s) >>    hex dump (first 32 bytes): >>      00 64 e2 2b 81 88 ff ff c0 7c 05 00 00 00 00 00 .d.+.....|...... >>      87 a5 05 00 00 00 00 00 0e 9a 05 00 00 00 00 00 ................ >>    backtrace: >>      [] __kmem_cache_alloc_node+0x1e8/0x320 >>      [] kmalloc_trace+0x2a/0x60 >>      [] free_iova_fast+0x28e/0x4e0 >>      [] fq_ring_free_locked+0x1b0/0x310 >>      [] fq_flush_timeout+0x19d/0x2e0 >>      [] call_timer_fn+0x19a/0x5c0 >>      [] __run_timers+0x78b/0xb80 >>      [] run_timer_softirq+0x5d/0xd0 >>      [] __do_softirq+0x205/0x8b5 >